U of T logo

Information Security

U of T logo

Information Security

U of T logo

Information Security

FAQs2024-04-24T10:41:33-04:00

FAQs

General

1. What is the purpose of the data collected?2024-04-19T16:36:30-04:00

Data collected will only be used for protection against security threats.

2. Who can access the data?2024-04-22T11:46:25-04:00

Access to information is limited to authorized parties (e.g., administrators of the platform).

3. Where does the data get stored?2024-04-19T16:38:34-04:00

S1 data is stored in the cloud within their software as a service (SaaS) service in Canada.

4. How long does the data get stored?2024-04-19T16:40:04-04:00

S1 data is stored for up to 30 days at the S1 cloud service and 90 days within our Security Information and Event Management (SIEM) environment.

5. Why was my unit and my device chosen for the pilot?2024-04-22T11:46:06-04:00

Your unit joined the pilot to enable advanced anti-virus protection for end users within the unit. As a unit member, you were chosen to receive this critical security protection. This is one of the steps to protect individuals against security threats.

Privacy

6. Will S1 track my activity and personal use of my device(s)?2024-04-19T16:42:55-04:00

The University does not use S1 to watch an individual’s personal use of the University networks or devices. The University will not use this data to support investigations related to employee productivity, attendance/activity and any other general monitoring of behaviour not directly associated with security threat protection at the University.

7. Will someone have access to view the files or personal content on my device(s)?2024-04-19T16:43:21-04:00

Designated Information Security staff will interact with the data only if a security threat alert has been triggered. S1 uses artificial intelligence to analyze basic file data such as file name, size and file hashes to find potentially malicious files. Still, it does not analyze content data beyond threat detection. This is consistent with best practices to mitigate against constantly evolving cyber threats.

Technical

8. Are we creating S1 rules to block internet access once a virus is detected on a computer?2024-04-22T11:45:23-04:00

No. S1 is a SaaS solution and always requires access to the internet. If a machine has a virus/malware, it may be placed in “quarantine” mode depending on the policy applied against a particular set of machines.

9. Which license (basic/enhanced/advanced) should we choose for test computers?2024-04-19T16:45:14-04:00

The advice is to start with an advanced license first for managed endpoints. However, if the testing machine only deals with non-sensitive data, then a case can be made for the use of enhanced licenses.

10. Should we remove other anti-virus solutions before deploying S1 on a computer so it doesn’t slow down the performance?2024-04-19T16:45:41-04:00

Yes. Otherwise, it might interfere with the performance of the machine.

11. Should we recommend S1 for personal computers and manage them on S1 console centrally by IT?2024-04-22T11:44:56-04:00

Yes. However, careful consideration needs to be given to how this would be paid for, deployed and supported by the different divisions. Another consideration might be privacy.

The project team will be looking at deploying endpoint detection and response to some student computer labs, which run on Windows, Mac and Linux, each having its system administrator.

12. Is there any documentation available on how to deploy the agents?2024-04-19T16:46:39-04:00

Not yet. This is part of the documentation provided by professional services (i.e., the vendor).

13. Can multi-factor authentication (MFA) be used to access the console?2024-04-22T11:44:04-04:00

If it’s UTORauthed, then yes, Duo is inherited.

14. Is the management console web-based or do we need to deploy the Sentinel console on our VMware host server?2024-04-19T16:47:23-04:00

It is web-based.

15. Does S1 support VMware host server?2024-04-19T16:47:42-04:00

Yes, S1 supports VMware host server, but it would require a separate license.

16. How do I learn more about the S1 product and how it works?2024-04-22T11:43:43-04:00

You can register for the free S1 basic admin training that runs weekly:

  1. S1 Part 1 welcome training – runs Tuesdays at 10 a.m. PST
  2. S1 Part 2 welcome training – runs Thursdays at 10 a.m. PST
17. Does S1 support Linux?2024-04-19T16:56:12-04:00

In addition to the operating systems listed below, SentinelOne also provides dedicated agents for K8s and NetApp.

Platform OSVersion
WindowsWindows Server Core2022, 2019, 2016, 2012
WindowsWindows Server2022, 2019, 2016, 2012 R2, 2012, 2008 R2 SP1
WindowsWindows Storage Server2016, 2012 R2, 2012
WindowsWindows 7 SP1, 8, 8.1, 10, 1132/64-bit
Windows LegacyWindows XPSP3 or later (KB968730), 32/64-bit NTFS/FAT32
Windows LegacyWindows Server 2003SP2 or later, or R2 SP2 or later,  (KB968730), 32/64-bit
Windows LegacyWindows 2008(Pre-R2)
Windows LegacyWindows Server 2008x64 - Only with Agent version 2.1.0.93, (KB4474419)
Windows LegacyWindows Embedded POSReady 2009
LinuxCentOS8.0 - 8.4, 7.0 - 7.9, 6.4+
LinuxRed Hat Enterprise Linux (RHEL)9.0 - 9.1, 8.0 - 8.7, 7.0 - 7.9, 6.4+
LinuxUbuntu22.04, 20.04, 19.10, 19.04, 18.04, 16.04, 14.04
LinuxAmazonAmazon Linux 2, AMI 2018, AMI 2017
LinuxSUSE Linux Enterprise Server15.x, 12.x
LinuxDebian11, 10, 9, 8
LinuxVirtuozzo7
LinuxScientific Linux7.6
LinuxAlmaLinux9.0 - 9.1, 8.4 - 8.7
LinuxRockyLinux 9.0 - 9.1, 8.4 - 8.7
LinuxOracle9.0, 8.0 - 8.7, 7.0 - 7.9, 6.9 - 6.10
LinuxFedora32 - 37, 31 (starting with kernel 5.5.x), 25 - 30
Linux ARMRHEL9.0 - 9.1, 8.4-8.7
Linux ARMAmazon Linux2
Linux ARMUbuntu22.04, 20.04, 18.04
Linux ARMSUSE15.x
Linux ARMCentOS8.3
Linux ARMAlma Linux9, 8.7, 8.6
Linux ARMRocky Linux9, 8.7, 8.6
Linux ARMDebian11, 10
MacOSVentura13.0 - 13.2
MacOSMonterey12.0 - 12.6.3
MacOSBig Sur11.0 - 11.7.3
Go to Top